From Analyzing Operating System Vulnerabilities to Designing Multiversion Intrusion-Tolerant Architectures

Gorbenko, Anatoliy; Romanovsky, Alexander; Tarasyuk, Olga; Biloborodov, Oleksandr

doi:10.1109/tr.2019.2897248

Cited by 16 publications

(13 citation statements)

References 34 publications

(47 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…There are various ways in which vulnerabilities can be exploited. Attackers can get commands executed in the normal way, or overcome restrictions in order to gain forbidden access to data, or trigger denial of service and system service termination [21]. Every software has its vulnerabilities, and vulnerabilities occur when developers make mistakes on the logic of the coding or use imperfect validation so that the software created has an unknown weakness.…”

Section: Vulnerabilitymentioning

confidence: 99%

Automated Security Enhancement Framework for Linux Operating System

2020

IJETER

View full text Add to dashboard Cite

Cloud computing has evolved at an incredible speed, and, in many organizations, it entwined with the sophisticated technological landscape that supports critical daily operations. The cloud computing environment gives rise to a new type of risk, and the user faces many challenges in protecting their existing IT environment. Security in Cloud computing has become a matter of global interest, and it involves securing information by detecting, preventing, and responding to cyber-attacks. Several research efforts have been made in different domains, each having specific features and peculiarities to address various security breaches. Security enhancement as part of prevention is essential in the cloud environment, especially in the Operating System. Security enhancement on the operating system can be done in several ways, such as updating the operating system, updating security, and Hardening. Hardening the operating system requires a long set of processes and execution. Security benchmarks can be a good fundamental for Hardening, which can improve operating system security. The security benchmark is well researched and tested. There are many recommendations for security benchmark need to implement to the operating system, to execute all security benchmark manually will take time and much effort. To simplify and accelerate the hardening process, this paper will propose a framework to automate the Hardening for Linux OS, which can support parallel execution in several servers.

show abstract

Section: Vulnerabilitymentioning

confidence: 99%

Automated Security Enhancement Framework for Linux Operating System

2020

IJETER

View full text Add to dashboard Cite

show abstract

“…It should be noted that today the Russian Federation is using Ukraine as a testing ground for testing not only new weapons and military equipment, but also new cyber warfare tactics and techniques. In response to the Russian aggression and cyber influence on Ukraine's information systems (e.g., Petya/NotPetya virus and others), the Verkhovna Rada of Ukraine passed an important law "On Basic Principles of Cyber Security of Ukraine" [1] in October 2017, which takes into account modern European expertise and principles of the cooperation In addition, different aspects of operating system vulnerabilities, hacking detection, assessing software vulnerabilities and pen-testing were research topics of B. Cannoles and A. Ghafarian [18]; A. Gorbenko, A. Romanovsky, O. Tarasyuk and O. Biloborodov [19]; Y. Khera, D. Kumar and N. Garg [20]; Y. Kolli, T. K. Mohd and A. Y. Javaid [21]; A. Luse, A. Al Marzooqта J. Burkman [22]; R. Mahajan, M. Singh and S. Miglani [23]; S. Samtani, H. Zhu and H. Chen [24]; S. Shrivastava and T. K. Ramesh [25]; D. Stiawan, M. Y. B. Idris, A. H. Abdullah, M. Al Qurashi and R. Budiarto [26]; H. Y. Xiao and B.…”

Section: Introductionmentioning

confidence: 99%

Formation of Cyber Security Skills Through Methods of Hacking, Bypassing and Protecting the Procedure for Granting Access in Microsoft Windows Operating System

Kyva

Zastelo

Nakonechnyi

2022

ITLT

View full text Add to dashboard Cite

The article looks into the problematic issue of forming/developing teaching staff’s cyber security skills (a case study of the teachers from the National University of Defence of Ukraine named after Ivan Cherniakhovskyi). The importance of this issue is fueled by the analysis of cyber security of user information on personal computers through the prism of vulnerabilities in the security mechanisms implementation for Microsoft Windows operating system (versions 7, 10), including access procedures. The key steps and specificities of the procedure for granting access (identification, authentication and authorization) in Microsoft Windows operating system are described. A survey among the teachers-respondents was conducted to figure out whether they understand the essence of the procedure for granting access and have some idea about methods of hacking, bypassing and protecting this access. The survey revealed that the teaching staff totally misunderstand the concepts and procedures. The issue of forming/developing teaching staff’s cyber security skills becomes even more relevant amid the implementation of basic cyber security principles in Ukraine, adopted by the Verkhovna Rada in 2017. Accordingly, the authors describe typical modern tools of hacking, bypassing and protecting the procedure for granting access in Microsoft Windows operating systems (versions 7, 10), which will enable everyone to master some practical steps in order to realize the importance and necessity of key tools and techniques of ensuring personal cyber security. In doing so, the authors intended to visualize possible ways of cyber security violation and increase awareness about them with the aim of preventing cyber risks. In addition, the authors seek to inform different categories of people that contemporary information and communications technologies not only expand the capabilities of our global digital society, but also increase exponentially the number of objects vulnerable to cyber threats. In addition, our task was to promote the issues of forming/developing teachers’ skills in supporting their cyber security by training them to implement some cyber security tools and techniques aimed at reducing cyber risks. Our attention is also paid to some ethical aspects in reviewing the outlined outcomes, presented for educational purposes in an effort to raise public awareness of the described vulnerabilities, which pose cyber risks to those involved in information sphere.

show abstract

“…According to the Common Vulnerabilities and Exposures (CVE) (n.d.), a vulnerability refers to "a weakness in the computational logic (e.g., code) found in software and hardware components that, when exploited, results in a negative impact on confidentiality, integrity, or availability." Therefore, operating system (OS) vulnerability can be described as exposures or weaknesses within an OS that allows a cyber-attacker/intruder to undermine the integrity of the OS, or any system installed on it as per [2], [3] and others.…”

Section: Introductionmentioning

confidence: 99%

“…These stages include (a) vulnerability birth or creation (the time when OS weakness is created), (b) vulnerability discovery (the time when OS vulnerability is identified by vendor) (c) vulnerability disclosure (vendor makes the vulnerability known to the public), (d) patch availability (vendor provides a quick fix to the weakness), and (e) patch installation (the public users of the affected OS install the quick fix solution to address system weakness) [9] , [11]. In [3] the author suggested an extra stage described as the "exploit stage" to be inserted between the first and fifth stages indicating that the vulnerability of the system could be exploited before the availability of a patch. They provided a clear demonstration of the vulnerability life cycle as demonstrated in Figure 1.…”

Section: Introductionmentioning

confidence: 99%

“…These risks have been given different names. The period between vulnerability discovery or its disclosure to when the patch is installed to fix it is known as the days of risk [3].The terms black risk, grey risk, and white risk are utilized to describe the awareness of the public regarding vulnerability. Black risk describes the lack of public awareness about the existence of vulnerability in the software or hardware they use.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Operating Systems Vulnerability – An Examination of Windows 10, macOS, and Ubuntu from 2015 to 2021

Softić¹,

Vejzović²

2022

Adv. sci. technol. eng. syst. j.

View full text Add to dashboard Cite

This study investigated the vulnerabilities of three operating systems: Windows 10, macOS, and Ubuntu. The analysis of secondary data obtained from the CVE and NVD databases for the study period demonstrates varying OS vulnerability. Quantitative assessment of the vulnerability (using the vulnerability score) for the investigated operating systems found consistent results in the security vulnerability of these OS. The correlation of the disclosed vulnerabilities data and the average weighted vulnerability yielded coefficients of -0.3674, -0.4081, and 0.3473 for macOS, Windows 10, and Ubuntu Linux. These results demonstrate windows 10 as having the highest security vulnerability, followed by macOS. Ubuntu Linux had the lowest vulnerability scores. These results were validated by the CVSS distribution of the vulnerability score. The results point to the impact of the popularity of OS on the number of attacks in a given period. OS used by many people tend to attract significant attacks testing their integrity, security, and safety.

show abstract

From Analyzing Operating System Vulnerabilities to Designing Multiversion Intrusion-Tolerant Architectures

Cited by 16 publications

References 34 publications

Automated Security Enhancement Framework for Linux Operating System

Automated Security Enhancement Framework for Linux Operating System

Formation of Cyber Security Skills Through Methods of Hacking, Bypassing and Protecting the Procedure for Granting Access in Microsoft Windows Operating System

Operating Systems Vulnerability – An Examination of Windows 10, macOS, and Ubuntu from 2015 to 2021

Contact Info

Product

Resources

About